Tagged Questions

A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability.

There have been several critical 0-day exploits in the past days/weeks in Flash alone. Nobody knows how long the 0-days have been exploited, and it is reasonable to expect that there are 0-days being ...

If honeypots are designed for a specific set of exploits, such as SQL injection and XSS, how do they protect themselves against other exploits? For instance, if I created a honeypot a few months ago, ...

Vulnerabilities are discovered everyday. The recent Heart bleed attack caught many people off guard. I was wondering if a serious flaw was to be discovered that allows unfettered access to SSH, how ...

We're analysing issue at work and I wondering how to find out if there's any binary with a statically compiled version of openssl which includes this bug.
Would it be possible to find a fingerprint ...

Mp3blaster is a terminal mp3 player running a UNIX-like operating system, e.g. Linux, Free/Net/OpenBSD, etc. I usually use this player for playing my music, but yesterday I found a blog which claim ...

Based on this IE zero day, I'm interested in listing all DLLs in our systems that have been compiled to not work with ASLR.
Ideally, I'd like to analyze a static file and not load it into memory to ...

Lately, I've read several articles about anti-malware software and one thing caught my eye - ability to detect zero-day attacks.
In short - how does anti-malware / anti-virus industry test their own ...

The best explanation I found is from this article but it still is unclear to me. Apparently a new vulnerability has been found involving .lnk files where when a folder on the memory stick containing ...

We are a development team working on a new 0-day protection security product.
We aim to protect against new unknown 0-days attacks against servers.
We have a very strong solution ready to demo.
The ...

I'm a professional Windows system administrator, but I've been caught off-guard (or maybe some malware writer has been very clever) and I caught some unknown malware on my home computer (Windows 7 x64 ...

We just had a breach of one of our servers, where an intruder got access using the JBoss account and started running exploit scripts. The server has been taken offline and is being investigated, but ...